Computer and Network Security
Final Exam (A), 2003
Dr. Ron Rymon
Time: 2 hours and 30 minutes, plus 30 minutes extension.
No Additional Material is Allowed
Part A. Explain briefly the following 6 terms (4 points each):
1.
2.
3.
4.
5.
6.
CBC
Identity Management
3DES
Steganography
Something-you-possess
Social engineering
Part B. Answer 4 of the following 5 questions (9 points each):
1. Explain how a DDoS attack is mounted, and how it can be detected and dealt with
2. Explain the purpose and method of building honeypots and honeynets
3. Explain how fingerprinting works, and how it can be used for authentication
4. Explain how a firewall works, and the difference between a packet filter and
application gateway
5. Suppose that one of the bits of the plaintext was flipped just before encryption. How
would this affect the ciphertext if the encryption was done using 3DES: (1) in ECB
mode; (2) in CBC mode; (3) in OFB mode
Part C. Answer the following two questions (20 points each):
1. Explain the goals of Zero-Knowledge and outline the Fiat-Shamir authentication
algorithm
2. Explain each of the steps of the RC5 encryption algorithm. What are the advantages
of RC5? Does your implementation of RC5 (in the exercise) enjoy these advantages?